Re: Disconnect virtual terminals

Art,

Here's a possible scenario.

There is a disconnected terminal. The owner user telnets to the same system TWICE at about the same time. Both sessions are presented with a prompt for the same disconnected VTA. One session connects. The second session attempts to connect to the same device. What the second session sees is:

Connecting to terminal _VTA49:
Error connecting to _VTA49:
Device already allocated to another user

and a new process is created.

You'll see a LOGIN-F-CONNERR in the audit journal.

If you have LOGIN audits enabled, as well as LOGFAIL, you should see a pattern in the audit trail: a successful local interactive login for a particular username to a virtual terminal (the VTA number will be a new one, not the one to which they're reconnecting), followed quickly by a CONNERR failure for the same username but from a different VTA terminal, followed immediately by a successful interactive login from the same VTA that just generated the CONNERR.

If you see this pattern, you've confirmed my scenario.

So what should you do? Nothing! The system has worked correctly, and done something sensible when asked to do something impossible (i.e., connect a second session to a virtual terminal), and both user and system manager have been notified.
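The audit-trail pattern described in the post above, expressed as a check over login events. This is an added example, not part of the original thread. The one-line-per-event layout, the sample records, and the 5-second window for "quickly" are assumptions made for the example; this is not the output format of ANALYZE/AUDIT.

```python
from datetime import datetime, timedelta

# Constructed sample events: date, time, audit class, username, terminal, status.
# The flattened layout is an assumption for this example only.
SAMPLE = """\
2024-03-05 09:14:02.10 LOGIN   SMITH _VTA61: SUCCESS
2024-03-05 09:14:02.85 LOGFAIL SMITH _VTA62: CONNERR
2024-03-05 09:14:02.90 LOGIN   SMITH _VTA62: SUCCESS
2024-03-05 09:20:10.00 LOGFAIL JONES _VTA70: INVPWD
2024-03-05 09:20:15.00 LOGIN   JONES _VTA70: SUCCESS
2024-03-05 09:31:00.00 LOGIN   BROWN _VTA80: SUCCESS
2024-03-05 09:45:00.00 LOGFAIL BROWN _VTA81: CONNERR
2024-03-05 09:45:00.05 LOGIN   BROWN _VTA81: SUCCESS
"""

def parse(text):
    """Turn the constructed lines into time-ordered event tuples."""
    events = []
    for line in text.splitlines():
        date, clock, kind, user, term, status = line.split()
        when = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S.%f")
        events.append((when, kind, user, term, status))
    return sorted(events)

def find_reconnect_races(events, window=timedelta(seconds=5)):
    """Return (user, winning VTA, losing VTA) for each matching triple."""
    hits = []
    for i, (t_fail, kind, user, term, status) in enumerate(events):
        if kind != "LOGFAIL" or status != "CONNERR":
            continue
        # 1. Shortly before: a successful login, same user, different VTA.
        winner = next((e for e in reversed(events[:i])
                       if e[1] == "LOGIN" and e[2] == user and e[3] != term
                       and t_fail - e[0] <= window), None)
        # 2. The user's very next event: success on the VTA that just failed.
        follow = next((e for e in events[i + 1:] if e[2] == user), None)
        if (winner and follow and follow[1] == "LOGIN"
                and follow[3] == term and follow[0] - t_fail <= window):
            hits.append((user, winner[3], term))
    return hits

if __name__ == "__main__":
    for user, won, lost in find_reconnect_races(parse(SAMPLE)):
        print(f"{user}: session on {won} reconnected, session on {lost} got a new process")
```

In the sample, BROWN's CONNERR is not reported because the earlier successful login is 14 minutes old, so it does not fit the "two sessions at about the same time" scenario.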

Re: Disconnect virtual terminals

> The users were apparently blindfolded at the time and can't tell me anything else about what they may have seen on their screen.

Depending on exactly how they're connecting, what from, and the nature of the account they're connecting to, they may not see the message:

"Connecting to terminal _VTA49:
Error connecting to _VTA49:
Device already allocated to another user"

For example, if you log in from a real VT terminal, or a new PuTTY session, the Welcome message from the new login will wipe out the messages faster than anyone can read them, and clear the scrollback.

Not even Steven's proposed camera would help.

You need to telnet from an existing session to see the messages (unlikely if you're reconnecting from a dropped session). Similarly, any login procedure which clears the screen would obscure the message.

What the users should perhaps have noticed - they requested to connect to an existing session, but got a new one instead. That might not be obvious from a captive menu.

One possible circumstance which could exacerbate this situation would be multiple users logging into the same username? The list of disconnected sessions is in the same order for all, and after a network dropout, it's highly likely multiple users would be attempting to connect at about the same time.

But then no one would allow such a thing with virtual terminals enabled, would they? ;-)